#
# This is a beaker_server role.
#
---

# it's unfortunate, but the beaker devs say that this is required until
# https://bugzilla.redhat.com/show_bug.cgi?id=1074384 is solved
- name: switch selinux off
  selinux: state=disabled
  tags:
    - selinux
    - beaker-server

- name: install packages required for beaker-server
  package: name={{ item }} state=present
  with_items:
      - beaker-server
      - mod_auth_mellon
      - libvirt-client
  tags:
    - beaker-server
    - MySQL-python

- name: create /etc/httpd/saml2/{{ beaker_server_cname }}
  file: >
    path="/etc/httpd/saml2/{{ beaker_server_cname }}"
    state=directory owner=apache group=apache mode=0700
  tags:
    - beaker-server

- name: copy SAML identity provider metadata
  copy: >
    src="{{ private }}/files/saml2/idp-{{env}}.xml"
    dest="/etc/httpd/saml2/{{ beaker_server_cname }}/idp-metadata.xml"
    owner="apache" group="apache" mode=0600
  notify:
    - reload httpd
  tags:
    - beaker-server

- name: copy SAML files
  copy: >
    src="{{ item }}" dest="/etc/httpd/{{ item }}"
    owner="apache" group="apache" mode=0644
  with_items:
    - "saml2/{{ beaker_server_cname }}/metadata.xml"
    - "saml2/{{ beaker_server_cname }}/certificate.pem"
  notify:
    - reload httpd
  tags:
    - beaker-server

- name: copy SAML private key
  copy: >
    src="{{ private}}/files/saml2/{{ beaker_server_cname }}/certificate.key"
    dest="/etc/httpd/saml2/{{ beaker_server_cname }}/certificate.key"
    owner="apache" group="apache" mode=0600
  notify:
    - reload httpd
  tags:
    - beaker-server

- name: Replace default apache beaker-server.conf
  template:
    src: beaker-server.conf
    dest: /etc/httpd/conf.d/beaker-server.conf
    owner: root
    group: root
    mode: 0644
  notify:
    - reload httpd
  tags:
    - beaker-server

- name: Replace default beaker_server.cfg file
  template:
    src: etc/beaker/server.cfg.j2
    dest: /etc/beaker/server.cfg
    owner: apache
    group: root
    mode: 0660
    backup: yes
    force: yes
  register: setup_beaker_conf
  notify:
    - restart beaker server
    - reload httpd
  tags:
    - beaker-server

- name: create the beaker database
  mysql_db: name={{ beaker_db_name }} state=present

- name: create beaker database user
  mysql_user:
    name: "{{ beaker_db_user }}"
    password: "{{ beaker_db_password }}"
    priv: "{{ beaker_db_name }}.*:ALL,GRANT"
    state: present

- name: initialize beaker database
  command: "beaker-init -u {{beaker_server_admin_user}} -p {{beaker_server_admin_pass}} -e {{beaker_server_email}}"
  when: setup_beaker_conf|success
  tags:
    - beaker-init
    - beaker-server

# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1327051
- name: create /var/run/beaker
  command: systemd-tmpfiles --create beaker-server.conf
  tags:
    - beaker-server

- name: ensure the Apache server and the Beaker daemon are running
  service: name={{ item }} state=started enabled=yes
  with_items:
    - httpd
    - beakerd
  tags:
    - beaker-server

- import_tasks: client.yml

- name: ensure beaker server has all relevant virthost ssh signatures in known_hosts
  lineinfile: dest=/root/.ssh/known_hosts regexp='{{ item.hostname }}' line='{{ item.hostname }} {{ item.signature }}' create=yes owner=root group=root
  with_items:
    - '{{ beaker_virthost_signatures }}'
  tags:
    - beaker-server

